Network & Connectivity Issues
Accessing JFrog ML over VPN/Proxy
If you're using a VPN or a proxy, you may encounter issues when running JFrog ML commands. This section provides guidance on how to resolve common errors related to SSL certificate verification when behind a VPN or proxy.
1. Proxy Access Errors
Symptom
If your proxy filters network traffic, you may see the following error message when running qwak configure --api-key "xxx":
ProxyError: HTTPSConnectionPool(host='dev-qwak.us.auth0.com', port=443):
Max retries exceeded with url: /.well-known/jwks.json
(Caused by ProxyError('Cannot connect to proxy.', OSError('Tunnel connection failed: 403 Forbidden')))
Solution
Check VPN/Proxy Settings:
Ensure that your VPN or proxy allows traffic to and from the following Qwak domains:
dev-qwak.us.auth0.com:443
grpc.qwak.ai
grpc.<ENVIRONMENT_NAME>.qwak.ai
models.<ENVIRONMENT_NAME>.qwak.ai
The Qwak Environment name can be found in your Qwak Dashboard, on the lower-left side: in the following example the environment name is grig-qwak.
2. Certificate Validation Errors
Symptom
If your VPN/Proxy encrypts traffic with additional certificates, they should be added to the CA certificate file. Certificate issues typically appear when configuring your JFrog ML CLI:
Caused by SSLError(SSLCertVerificationError(1,
'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')
Solution
1. Add the CA Certificate to certifi's Bundle
The JFrog ML SDK relies on Python's certifi library for server certificate validation. To identify the location of your certificate validation file, run the following Python snippet:
import certifi
print(certifi.where())
This will output the path to your certificate validation file.
Next, append your VPN's or proxy's CA certificate to this cacert.pem file. Open the file in a text editor with administrative privileges and add the certificate at the end.
2. Verifying the New CA Certificate with OpenSSL
After adding your custom certificate, you can validate the connection using OpenSSL with the following command:
openssl s_client -connect dev-qwak.us.auth0.com:443 -CAfile /path/to/your/cacert.pem
Check the output for a line that says Verify return code: 0 (ok). This indicates that the certificate has been successfully verified. If the verification fails, you will see a different return code along with a description of the failure.
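The append step from section 1 can also be scripted so that it is repeatable. The following is an added example, not JFrog ML code: it appends a VPN/proxy CA to the bundle only if a certificate with the same SHA-256 fingerprint is not already there, and keeps a backup of the previous file. The names append_ca and fingerprints are hypothetical, and the script checks only PEM framing and base64, so the OpenSSL check above is still the test of whether the chain verifies.

```python
import base64
import hashlib
import re
import shutil
from pathlib import Path

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)


def fingerprints(pem_text):
    """Return {sha256-of-DER: PEM block} for every certificate in pem_text."""
    found = {}
    for match in PEM_BLOCK.finditer(pem_text):
        # Strict decode: a block with corrupt base64 raises instead of passing.
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
        found[hashlib.sha256(der).hexdigest()] = match.group(0)
    return found


def append_ca(ca_path, bundle_path):
    """Append certificates from ca_path that bundle_path does not yet contain.

    Returns the sorted fingerprints that were added ([] when nothing changed).
    """
    bundle = Path(bundle_path)
    new = fingerprints(Path(ca_path).read_text(encoding="utf-8"))
    if not new:
        raise ValueError(f"no PEM certificate found in {ca_path}")
    have = fingerprints(bundle.read_text(encoding="utf-8"))
    missing = {fp: pem for fp, pem in new.items() if fp not in have}
    if missing:
        # Keep the previous bundle so the change can be rolled back.
        shutil.copy2(bundle, bundle.with_name(bundle.name + ".bak"))
        with bundle.open("a", encoding="utf-8") as fh:
            for fp, pem in missing.items():
                fh.write(f"\n# added VPN/proxy CA, sha256={fp}\n{pem}\n")
    return sorted(missing)


if __name__ == "__main__":
    import sys
    import certifi  # same bundle that certifi.where() prints

    added = append_ca(sys.argv[1], certifi.where())
    print("added:", added or "nothing, already present")
```

Upgrading or reinstalling the certifi package replaces cacert.pem, so the append has to be repeated afterwards; the fingerprint check makes re-running the script safe.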
Connecting to Cloud Resources Behind Private Networks
When your cloud resources are behind a private network or VPC, you may need to whitelist specific IP addresses to allow the JFrog ML platform to access them. For example, when connecting to a new BigQuery or S3-based Data Source, you might get a timeout error.
Symptoms
You might be facing this issue if:
- You receive timeout errors when JFrog ML tries to access your cloud resources.
- Your cloud resource logs show unauthorized or blocked access attempts from the JFrog ML IP addresses.
- Data transfers or API calls between JFrog ML and your cloud resources are failing without a clear error message.
Solution
To ensure seamless connectivity, please add the following range of JFrog ML IP addresses to your network's whitelist:
23.21.54.216
44.212.137.42
Need assistance?
For more information and questions, feel free to reach out to JFrog ML support using the in-platform chat.
Updated 4 months ago